package d.d.b.a.d;

import android.content.Context;
import android.text.TextUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.sophos.jsceplib.ScepException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public abstract class b extends com.sophos.cloud.core.command.a {
    public static final String ACT_ERROR_ALREADY_MANAGED = "device_already_managed";
    public static final String ACT_ERROR_NO_LICENSE = "not_licensed";
    public static final String ACT_ERROR_VERSION_TOO_LOW = "os_version_too_low";
    public static final String ACT_HOME_LIMIT_REACHED = " home_device_limit_reached";
    public static final String ACT_HOME_MULTIPLE_ENROLLMENT = "home_multiple_enrollment";
    public static final String CHECKING_URL_PART = "/checkin";
    public static final String CLIENT_API_PART = "/client-api";
    public static final String ENROLL_URL_PART = "/enroll";
    public static final String TAG = "REST";
    private d.d.b.a.c.a mActivationResData;
    private boolean mCloudClient;
    private String mEmail;
    private boolean mIsFirstEnrolledApp;
    private boolean mMtdClient;
    private int mResIdErrorString;
    private d.d.b.a.c.d mRestConfig;
    private String mServerUrl;
    private boolean mSetBearer;
    private boolean mSetXConfigurationToken;
    private String mToken;
    private boolean mUseUnSecuredSSL;
    private static final Set<d.d.b.a.c.h> sScepPreProcessors = new HashSet();
    private static final Set<d.d.b.a.c.g> sActivationPostProcessors = new HashSet();
    private static final Set<d.d.b.a.c.h> sActivationPreProcessors = new HashSet();

    public b(Context context) {
        super(context);
        this.mActivationResData = null;
        this.mResIdErrorString = d.d.b.a.a.enrollment_no_communication;
        this.mCloudClient = true;
        this.mMtdClient = false;
        this.mUseUnSecuredSSL = false;
        this.mSetXConfigurationToken = false;
    }

    public static void addActivationPostProcessor(d.d.b.a.c.g gVar) {
        synchronized (sActivationPostProcessors) {
            sActivationPostProcessors.add(gVar);
        }
    }

    public static void addActivationPreProcessor(d.d.b.a.c.h hVar) {
        synchronized (sActivationPreProcessors) {
            sActivationPreProcessors.add(hVar);
        }
    }

    public static void addScepPreProcessor(d.d.b.a.c.h hVar) {
        synchronized (sScepPreProcessors) {
            sScepPreProcessors.add(hVar);
        }
    }

    private void callPostProcessor(int i2) {
        synchronized (sActivationPostProcessors) {
            Iterator<d.d.b.a.c.g> it = sActivationPostProcessors.iterator();
            while (it.hasNext()) {
                try {
                    it.next().a(i2);
                } catch (Exception e2) {
                    com.sophos.smsec.core.smsectrace.c.T("REST", "Calling Post Processor failed.", e2);
                }
            }
        }
    }

    private void callPreProcessor() {
        synchronized (sActivationPreProcessors) {
            Iterator<d.d.b.a.c.h> it = sActivationPreProcessors.iterator();
            while (it.hasNext()) {
                try {
                    it.next().a();
                } catch (Exception e2) {
                    com.sophos.smsec.core.smsectrace.c.T("REST", "Calling Pre Processor failed", e2);
                }
            }
        }
    }

    private void callScepPreProcessor() {
        synchronized (sScepPreProcessors) {
            Iterator<d.d.b.a.c.h> it = sScepPreProcessors.iterator();
            while (it.hasNext()) {
                try {
                    it.next().a();
                } catch (Exception e2) {
                    com.sophos.smsec.core.smsectrace.c.T("REST", "Calling SCEP Pre Processor failed.", e2);
                }
            }
        }
    }

    public static void removeActivationPostProcessor(d.d.b.a.c.g gVar) {
        synchronized (sActivationPostProcessors) {
            sActivationPostProcessors.remove(gVar);
        }
    }

    public static void removeActivationPreProcessor(d.d.b.a.c.h hVar) {
        synchronized (sActivationPreProcessors) {
            sActivationPreProcessors.remove(hVar);
        }
    }

    public static void removeScepPreProcessor(d.d.b.a.c.h hVar) {
        synchronized (sScepPreProcessors) {
            sScepPreProcessors.remove(hVar);
        }
    }

    public JSONObject buildActivationErrorJson(int i2) throws JSONException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("email", getEmail());
        jSONObject.put("status", -3);
        jSONObject.put(d.TAG_ENROLL_ERROR, i2);
        return jSONObject;
    }

    public abstract JSONObject buildActivationJson() throws JSONException, SecurityException;

    public int checkActivationResponse() {
        if (TextUtils.isEmpty(this.mActivationResData.getPlatform()) || "android".equals(this.mActivationResData.getPlatform())) {
            return 0;
        }
        this.mResIdErrorString = d.d.b.a.a.enrollment_wrong_platform;
        return -5;
    }

    public boolean detectFirstEnrolledApp() {
        try {
            if (this.mRestConfig.getCertificateSubjectCn() == null || this.mRestConfig.getCertificateSubjectCn().length() <= 0 || this.mRestConfig.getCertificateSubjectO() == null) {
                return true;
            }
            return this.mRestConfig.getCertificateSubjectO().length() <= 0;
        } catch (NullPointerException unused) {
            com.sophos.smsec.core.smsectrace.c.i("REST", "NPE while reading REST config. assuming empty values.");
            return true;
        }
    }

    @Override // com.sophos.cloud.core.command.a
    public int doExecute() {
        callPreProcessor();
        d.d.b.a.c.d loadRestConfig = loadRestConfig();
        this.mRestConfig = loadRestConfig;
        this.mEmail = loadRestConfig.getActivationEmail();
        this.mToken = this.mRestConfig.getActivationSecCode();
        this.mServerUrl = this.mRestConfig.getActivationServer();
        if (runCloudActivation()) {
            com.sophos.smsec.core.smsectrace.c.v("REST", "Cloud activation finished successfully.");
            onActivationSuccess();
            callPostProcessor(0);
            finish(0);
            return 0;
        }
        com.sophos.smsec.core.smsectrace.c.i("REST", "Cloud activation failed");
        onActivationFailure();
        callPostProcessor(-2);
        finish(-2);
        return -2;
    }

    public abstract String getActivationProtocol();

    public abstract d.d.b.a.c.a getActivationResponseParser();

    public String getCloudActivationUrl() {
        if (this.mIsFirstEnrolledApp) {
            return AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX + this.mServerUrl + ENROLL_URL_PART + "/" + this.mToken + CHECKING_URL_PART;
        }
        return AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX + this.mServerUrl + ENROLL_URL_PART + CHECKING_URL_PART + "/" + this.mRestConfig.getDeviceId();
    }

    public String getCloudMtdActivationUrl() {
        return this.mServerUrl;
    }

    public String getEmail() {
        return this.mEmail;
    }

    public int getErrorString() {
        return this.mResIdErrorString;
    }

    public String getPremiseSmcActivationUrl() {
        String str;
        if (this.mIsFirstEnrolledApp) {
            str = AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX + this.mServerUrl + CLIENT_API_PART + ENROLL_URL_PART + "/" + this.mToken + CHECKING_URL_PART;
        } else {
            str = AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX + this.mServerUrl + CLIENT_API_PART + ENROLL_URL_PART + CHECKING_URL_PART + "/" + this.mRestConfig.getDeviceId();
        }
        com.sophos.smsec.core.smsectrace.c.i("REST", "URL: " + str + " first: " + this.mIsFirstEnrolledApp);
        return str;
    }

    public d.d.b.a.c.d getRestConfig() {
        return this.mRestConfig;
    }

    public String getServerUrl() {
        return this.mServerUrl;
    }

    public String getSmcActivationUrl() {
        return !this.mCloudClient ? getPremiseSmcActivationUrl() : isMtdClient() ? getCloudMtdActivationUrl() : getCloudActivationUrl();
    }

    public String getToken() {
        return this.mToken;
    }

    public boolean isCloudClient() {
        return a.g(this.mRestConfig.getActivationSecCode());
    }

    public boolean isFirstEnrolledApp() {
        return this.mIsFirstEnrolledApp;
    }

    public boolean isMtdClient() {
        return this.mMtdClient;
    }

    public abstract d.d.b.a.c.d loadRestConfig();

    public abstract void onActivationFailure();

    public abstract void onActivationSuccess();

    public void onPreScep() {
    }

    public int postRequestToServer(j jVar, JSONObject jSONObject, String str) {
        int i2 = jVar.i(getSmcActivationUrl(), str, jSONObject);
        if (this.mCloudClient || i2 == 200 || !jVar.f()) {
            return i2;
        }
        com.sophos.smsec.core.smsectrace.c.v("REST", "Let's try unsecured SSL!");
        jVar.r(true);
        int i3 = jVar.i(getSmcActivationUrl(), str, jSONObject);
        this.mUseUnSecuredSSL = true;
        return i3;
    }

    public boolean runCloudActivation() {
        this.mIsFirstEnrolledApp = detectFirstEnrolledApp();
        this.mCloudClient = isCloudClient();
        try {
            JSONObject buildActivationJson = buildActivationJson();
            String str = null;
            if (this.mIsFirstEnrolledApp) {
                this.mUseUnSecuredSSL = false;
            } else {
                str = h.a(getContext(), this.mRestConfig, buildActivationJson);
                if (str == null) {
                    com.sophos.smsec.core.smsectrace.c.i("REST", "Cloud sync failed. Cannot create signature sync failed");
                    return false;
                }
                this.mUseUnSecuredSSL = this.mRestConfig.useUnsecuredSSL();
            }
            j jVar = new j(getContext(), this.mRestConfig, this.mUseUnSecuredSSL, getActivationProtocol());
            if (this.mSetXConfigurationToken) {
                jVar.t(this.mToken);
            }
            if (this.mSetBearer) {
                jVar.p(this.mRestConfig.getActivationSecCode());
            }
            int postRequestToServer = postRequestToServer(jVar, buildActivationJson, str);
            if (postRequestToServer != 200 || jVar.c() == null) {
                com.sophos.smsec.core.smsectrace.c.i("REST", "Cloud activation. failed. Cannot post activation package. Status: " + postRequestToServer);
                if (postRequestToServer == 403) {
                    setErrorString(jVar.c());
                } else if (postRequestToServer == 410) {
                    this.mResIdErrorString = d.d.b.a.a.enrollment_old_activation_data;
                } else if (jVar.d()) {
                    this.mResIdErrorString = d.d.b.a.a.error_cert_pinning;
                } else {
                    this.mResIdErrorString = d.d.b.a.a.enrollment_no_communication;
                }
                return false;
            }
            try {
                d.d.b.a.c.a activationResponseParser = getActivationResponseParser();
                this.mActivationResData = activationResponseParser;
                activationResponseParser.parseBody(jVar.c());
                int checkActivationResponse = checkActivationResponse();
                if (checkActivationResponse == 0) {
                    onPreScep();
                    callScepPreProcessor();
                    if (!this.mIsFirstEnrolledApp || !this.mActivationResData.areScepDataPresent()) {
                        return true;
                    }
                    p pVar = new p(this.mRestConfig, this.mUseUnSecuredSSL);
                    com.sophos.jsceplib.b bVar = new com.sophos.jsceplib.b(getContext(), this.mActivationResData.getScepUrl(), this.mActivationResData.getCommonName(), this.mActivationResData.getOrganisation(), this.mRestConfig.getUniqueAppId());
                    try {
                        com.sophos.jsceplib.b.h(pVar);
                        bVar.i(this.mActivationResData.getKeyUsage());
                        bVar.c();
                        return bVar.d(this.mActivationResData.getChallenge());
                    } catch (ScepException e2) {
                        com.sophos.smsec.core.smsectrace.c.j("REST", "Cloud activation. failed. Cannot enroll communication certificate.", e2);
                        return false;
                    }
                }
                com.sophos.smsec.core.smsectrace.c.i("REST", "runCloudActivation failed, checkActivationResponse returned " + checkActivationResponse);
                try {
                    JSONObject buildActivationErrorJson = buildActivationErrorJson(checkActivationResponse);
                    if (!this.mIsFirstEnrolledApp) {
                        str = h.a(getContext(), this.mRestConfig, buildActivationErrorJson);
                    }
                    com.sophos.smsec.core.smsectrace.c.v("REST", "Sending failure code to smc got responseCode " + new j(getContext(), this.mRestConfig, this.mUseUnSecuredSSL, AuthenticationConstants.Broker.BROKER_PROTOCOL_VERSION).k(getSmcActivationUrl(), str, buildActivationErrorJson));
                } catch (JSONException e3) {
                    com.sophos.smsec.core.smsectrace.c.j("REST", "Cannot build error response JSON.", e3);
                }
                return false;
            } catch (JSONException e4) {
                com.sophos.smsec.core.smsectrace.c.j("REST", "Cloud activation. failed. Cannot decode activation response", e4);
                return false;
            }
        } catch (SecurityException e5) {
            com.sophos.smsec.core.smsectrace.c.j("REST", "Cloud activation failed. Cannot get activation data.", e5);
            return false;
        } catch (JSONException e6) {
            com.sophos.smsec.core.smsectrace.c.j("REST", "Cloud activation failed. Cannot build activation JSON.", e6);
            return false;
        }
    }

    public void setAuthorizationBearer(boolean z) {
        this.mSetBearer = z;
    }

    public void setEmail(String str) {
        this.mEmail = str;
    }

    protected void setErrorString(JSONObject jSONObject) {
        this.mResIdErrorString = d.d.b.a.a.enrollment_no_communication;
        if (jSONObject != null) {
            boolean optBoolean = jSONObject.optBoolean(ACT_ERROR_ALREADY_MANAGED);
            boolean optBoolean2 = jSONObject.optBoolean(ACT_ERROR_NO_LICENSE);
            boolean optBoolean3 = jSONObject.optBoolean(ACT_ERROR_VERSION_TOO_LOW);
            boolean optBoolean4 = jSONObject.optBoolean(ACT_HOME_LIMIT_REACHED);
            boolean optBoolean5 = jSONObject.optBoolean(ACT_HOME_MULTIPLE_ENROLLMENT);
            if (optBoolean) {
                this.mResIdErrorString = d.d.b.a.a.enrollment_already_managed;
                return;
            }
            if (optBoolean2) {
                this.mResIdErrorString = d.d.b.a.a.enrollment_no_license;
                return;
            }
            if (optBoolean3) {
                this.mResIdErrorString = d.d.b.a.a.enrollment_version_to_low;
            } else if (optBoolean4) {
                this.mResIdErrorString = d.d.b.a.a.enrollment_device_limit_reached;
            } else if (optBoolean5) {
                this.mResIdErrorString = d.d.b.a.a.enrollment_multiple_devices;
            }
        }
    }

    public void setMtdClient(boolean z) {
        this.mMtdClient = z;
    }

    public void setResIdErrorString(int i2) {
        this.mResIdErrorString = i2;
    }

    public void setRestConfig(d.d.b.a.c.d dVar) {
        this.mRestConfig = dVar;
    }

    public void setServerUrl(String str) {
        this.mServerUrl = str;
    }

    public void setToken(String str) {
        this.mToken = str;
    }

    public void setXConfigurationToken(boolean z) {
        this.mSetXConfigurationToken = z;
    }

    public boolean useUnsecuredSSL() {
        return this.mUseUnSecuredSSL;
    }
}
